Test ID: | 1.3.6.1.4.1.25623.1.0.856893 |
Category: | openSUSE Local Security Checks |
Title: | openSUSE Security Advisory (SUSE-SU-2025:0005-1) |
Summary: | The remote host is missing an update for the 'liboqs, oqs-provider' package(s) announced via the SUSE-SU-2025:0005-1 advisory. |
Description: |
Vulnerability Insight:
This update for liboqs, oqs-provider fixes the following issues:

This update supplies the new FIPS standardized ML-KEM, ML-DSA, SLH-DSA algorithms.

This updates liboqs to 0.12.0:
- This release updates the ML-DSA implementation to the final FIPS 204 [link moved to references] version. This release still includes the NIST Round 3 version of Dilithium for interoperability purposes, but we plan to remove Dilithium Round 3 in a future release.
- This will be the last release of liboqs to include Kyber (that is, the NIST Round 3 version of Kyber, prior to its standardization by NIST as ML-KEM in FIPS 203). Applications should switch to ML-KEM (FIPS 203).
- The addition of ML-DSA FIPS 204 final version to liboqs has introduced a new signature API which includes a context string parameter. We are planning to remove the old version of the API without a context string in the next release to streamline the API and bring it in line with NIST specifications. Users who have an opinion on this removal are invited to provide input at [link moved to references].

Security issues:
- CVE-2024-54137: Fixed bug in HQC decapsulation that leads to incorrect shared secret value during decapsulation when called with an invalid ciphertext. (bsc#1234292)

- new library major version 7

Updated to 0.11.0:
* This release updates ML-KEM implementations to their final FIPS 203 [link moved to references] versions.
* This release still includes the NIST Round 3 version of Kyber for interoperability purposes, but we plan to remove Kyber Round 3 in a future release.
* Additionally, this release adds support for MAYO and CROSS digital signature schemes from NIST Additional Signatures Round 1 [link moved to references] along with stateful hash-based signature schemes XMSS [link moved to references] and LMS [link moved to references].
* Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from libjade [link moved to references].
* LMS and XMSS are disabled by default due to the security risks associated with their use in software. See the note on stateful hash-based signatures in CONFIGURE.md.
* Key encapsulation mechanisms:
  - Kyber: Added formally-verified portable C and AVX2 implementations of Kyber-512 and Kyber-768 from libjade.
  - ML-KEM: Updated portable C and AVX2 implementations of ML-KEM-512, ML-KEM-768, and ML-KEM-1024 to FIPS 203 version.
  - Kyber: Patched ARM64 implementations of Kyber-512, Kyber-768, and Kyber-1024 to work with AddressSanitizer.
* Digital signature schemes:
  - LMS/XMSS: Added implementations of stateful hash-based signature schemes: XMSS and LMS.
  - MAYO: Added portable C and AVX2 implementations of MAYO signature scheme from NIST Additional Signatures Round 1.
  - CROSS: Added portable C and AVX2 implementations of CROSS signature scheme from NIST Additional Signatures Round 1.
* Other ...

[Please see the references for more information on the vulnerabilities]

Affected Software/OS: 'liboqs, oqs-provider' package(s) on openSUSE Leap 15.6.

Solution: Please install the updated package(s).

CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2024-36405
https://github.com/open-quantum-safe/liboqs/blob/7eecda6095c003ddded7175a1ffdf35a2ce63ed5/src/kem/kyber/pqcrystals-kyber_kyber512_ref/poly.c#L166
https://github.com/open-quantum-safe/liboqs/commit/982c762c242ef549c914891b47bf6e0ed6321f91
https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-f2v9-5498-2vpp
https://github.com/pq-crystals/kyber/commit/9b8d30698a3e7449aeb34e62339d4176f11e3c6c
Common Vulnerability Exposure (CVE) ID: CVE-2024-37305
https://github.com/open-quantum-safe/oqs-provider/pull/416
https://github.com/open-quantum-safe/oqs-provider/security/advisories/GHSA-pqvr-5cr8-v6fx
Common Vulnerability Exposure (CVE) ID: CVE-2024-54137 |
Copyright | Copyright (C) 2025 Greenbone AG |